
<?php
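// Read the submitted search text. A $_POST entry is a string, or an array when
// the client sends "query[]=..."; anything that is not a string is treated as
// absent, so htmlspecialchars() below never receives an array. isset() also
// avoids the undefined-index notice on the first (GET) page load.
$raw_query = (isset($_POST["query"]) && is_string($_POST["query"])) ? $_POST["query"] : null;

// Loose comparison on purpose: a missing field and an empty string both fall
// back to the placeholder text. The placeholder is an ordinary value, so the
// rest of the script also searches for it when nothing was submitted.
if($raw_query == null)
	$raw_query="Movie Or Actor Here";

// Search form. The previous query is echoed back into a double-quoted
// attribute, so it is HTML-escaped first to keep request text from breaking
// out of the attribute.
print "<div align=center><form action=search.php method=post>";
print "<input type=text maxlength=100 name=query size='150' value=\"". 
	htmlspecialchars($raw_query)
	."\"></input>";
print "<input type=submit  value=Run></input></form><br>";


// Navigation links to the data-entry pages.
print "<div align=center><table width=800>
		<tr class=rowb>
		<td><a href=addmovie.php><b>Add Movie</b></a></td>
		<td><a href=addmovieactor.php><b>Add Movie Actor</b></a></td>
		<td><a href=addmoviedirector.php><b>Add Movie Director</b></a></td>
		<td><a href=add_actor_director.php><b>Add Actor or Director</b></a>	</td>
		</tr>
		</table></div>";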

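/**
 * Build the SQL text for a keyword search over one table.
 *
 * $Query is split on whitespace into words. A row matches when every word
 * occurs as a substring of at least one of the $Compares columns: the words
 * are ANDed together and the columns are ORed within each word.
 *
 * Security notes:
 *  - $Fields, $Table and the entries of $Compares are pasted into the
 *    statement verbatim. They must be fixed identifiers chosen by the
 *    programmer and must never be taken from a request.
 *  - Every word is untrusted and is escaped before it is placed inside the
 *    quoted LIKE pattern. mysql_real_escape_string() needs an open
 *    connection, so connect before calling this function.
 *  - The mysql_* extension has no prepared statements and was removed in
 *    PHP 7; moving to mysqli or PDO with bound parameters would replace this
 *    hand escaping.
 *
 * @param string $Fields   Comma-separated column list for the SELECT clause.
 * @param string $Table    Table name.
 * @param array  $Compares Column names to search with LIKE.
 * @param mixed  $Query    Free-text search string; non-scalar values count as empty.
 * @return string A SELECT statement; it matches no rows when there is nothing to search for.
 */
function create_query($Fields, $Table, $Compares, $Query){
	// A request can deliver an array instead of a string ("query[]=x");
	// anything that is not a scalar is treated as "no search words".
	$tokens = is_scalar($Query)
		? preg_split("/[\\s]+/", $Query, -1, PREG_SPLIT_NO_EMPTY)
		: array();

	$command = "SELECT $Fields FROM $Table WHERE ";

	// With no words (empty or whitespace-only input) or no columns there is
	// nothing to compare. The statement used to end in a bare "WHERE", which
	// is a syntax error; return a well-formed statement that matches no rows.
	if (!$tokens || !$Compares) {
		return $command . "1=0";
	}

	$groups = array();
	foreach ($tokens as $token) {
		// Escape LIKE's own metacharacters (% _ and the escape character \)
		// first so they are matched literally, then escape for the SQL string
		// literal. The order matters: the second step doubles the backslashes
		// added by the first so they survive string-literal parsing.
		// NOTE(review): assumes the server is not in NO_BACKSLASH_ESCAPES mode.
		$pattern = mysql_real_escape_string(addcslashes($token, "%_\\"));

		$alternatives = array();
		foreach ($Compares as $column) {
			$alternatives[] = "$column LIKE \"%" . $pattern . "%\"";
		}
		$groups[] = "(" . implode(" OR ", $alternatives) . ")";
	}

	return $command . implode(" AND ", $groups);
}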


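/**
 * Open the MySQL connection used by this page and select its database.
 *
 * On any failure the details are written to the server error log, a generic
 * message is printed, and the script exits with status 1. Driver error text is
 * kept out of the HTML response so server details are not disclosed to the
 * client.
 *
 * @return resource An open mysql link with the database selected.
 */
function connect_to_server(){
	$DB="CS143";

	// NOTE(review): the account name and an empty password are hard-coded
	// here. Give the account a password, restrict it to the privileges this
	// page needs, and load the credentials from configuration kept outside
	// the web root.
	$db_connection = mysql_connect("localhost", "cs143", "");
	if(!$db_connection) {
		// There is no link to ask when connecting failed, so read the last
		// error without a link argument instead of passing false.
		error_log("Connection failed: " . mysql_error());
		print "Connection failed.<br />";
		exit(1);
	}

	// Stop here if the database cannot be selected rather than letting the
	// first query fail later.
	if(!mysql_select_db("$DB", $db_connection)) {
		error_log("Database selection failed: " . mysql_error($db_connection));
		print "Connection failed.<br />";
		exit(1);
	}
	return $db_connection;

}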

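/**
 * Run one SQL statement and return its result resource.
 *
 * On failure the server's error text is written to the error log and the
 * script exits with status 1. The text is not echoed into the page: MySQL
 * error messages can quote part of the failing statement, which carries
 * request text, so printing them raw would disclose query structure and place
 * unescaped input in the HTML.
 *
 * @param string   $command       SQL statement to execute.
 * @param resource $db_connection Open mysql link.
 * @return resource Result set of the statement.
 */
function make_query($command, $db_connection){

	$resTable = mysql_query($command, $db_connection);
	if(!$resTable) {
		error_log("Query fetch failed: " . mysql_error($db_connection));

		// As before, an empty statement fails silently; any other failure
		// tells the visitor that something went wrong, without the details.
		if($command != ""){
			print "Query fetch failed.<br />";
		}

		exit(1);

	}
	return $resTable;

}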


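// Open a connection to the server for the database.
$db_connection=connect_to_server();

// The raw text is passed on unescaped on purpose: create_query() splits it
// into words and escapes each word itself, so escaping the whole string here
// as well would escape it twice.
$sanitized_query = $raw_query;

// Run all three searches before printing any results; make_query() ends the
// script if a statement fails.
$movie_command=create_query("title,year, id", "Movie", array("title"), $sanitized_query);
$movie_result=make_query($movie_command, $db_connection);

$actor_command=create_query("first,last, id", "Actor", array("first","last"), $sanitized_query);
$actor_result=make_query($actor_command, $db_connection);

$director_command=create_query("first,last, id", "Director", array("first","last"), $sanitized_query);
$director_result=make_query($director_command, $db_connection);

// Values read back from the database are data, not markup, so they are
// HTML-escaped before being printed. Otherwise a stored title or name
// containing tags would be rendered as part of the page.
// NOTE(review): the "Add ..." pages suggest rows can be user-supplied; confirm.
// ENT_SUBSTITUTE (PHP 5.4+) keeps htmlspecialchars() from returning an empty
// string when a value is not valid in the output encoding.
$html_flags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);

print "<h3>Movies</h3>";

$phpfile="movie.php";
while($row = mysql_fetch_row($movie_result)){
		// Columns: title, year, id.
		$title = htmlspecialchars("$row[0] ($row[1])", $html_flags);
		$id = htmlspecialchars(urlencode($row[2]), $html_flags);
		print "<a href=\"$phpfile?id=$id\">$title</a><br>";
}


print "<h3>Actors</h3>";

$phpfile="actor.php";
while($row = mysql_fetch_row($actor_result)){
		// Columns: first, last, id.
		$title = htmlspecialchars("$row[0] $row[1]", $html_flags);
		$id = htmlspecialchars(urlencode($row[2]), $html_flags);
		print "<a href=\"$phpfile?id=$id\">$title</a><br>";
}

print "<h3>Directors</h3>";

$phpfile="director.php";
while($row = mysql_fetch_row($director_result)){
		// Columns: first, last, id.
		$title = htmlspecialchars("$row[0] $row[1]", $html_flags);
		$id = htmlspecialchars(urlencode($row[2]), $html_flags);
		print "<a href=\"$phpfile?id=$id\">$title</a><br>";
}

// Closes the centering <div> opened before the search form.
print "</div>";
mysql_close($db_connection);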

//issue query

?>
